ldb: Do not read beyond the end of the extended DN component when printing

The print functions used in Samba NULL terminate, but do not assume they will BUG: https://bugzilla.samba.org/show_bug.cgi?id=14049 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> (cherry picked from commit a8a3cef3a768aaff01227dd7b229fb7b3aef926f)
author: Andrew Bartlett <abartlet@samba.org> 2019-08-27 13:16:18 +1200
committer: Karolin Seeger <kseeger@samba.org> 2019-09-04 08:31:25 +0000
commit: e019f3a6aac62460ee9768fec4001e00f00f8096 (patch)
tree: b1c46742dd3fdaa1577b46a1c637170d0009796b /lib
parent: 9b0c30517834da57a436ac6a0bad1fa2c6173849 (diff)
download: samba-e019f3a6aac62460ee9768fec4001e00f00f8096.tar.gz
1 files changed, 8 insertions, 4 deletions
diff --git a/lib/ldb/common/ldb_dn.c b/lib/ldb/common/ldb_dn.c
index b9a414dc566..83f94e3b913 100644
--- a/lib/ldb/common/ldb_dn.c
+++ b/lib/ldb/common/ldb_dn.c
@@ -871,11 +871,15 @@ char *ldb_dn_get_extended_linearized(TALLOC_CTX *mem_ctx, struct ldb_dn *dn, int
 		}
 
 		if (i == 0) {
-			p = talloc_asprintf(mem_ctx, "<%s=%s>", 
-					    name, val.data);
+			p = talloc_asprintf(mem_ctx, "<%s=%.*s>",
+					    name,
+					    (int)val.length,
+					    val.data);
 		} else {
-			p = talloc_asprintf_append_buffer(p, ";<%s=%s>",
-							  name, val.data);
+			p = talloc_asprintf_append_buffer(p, ";<%s=%.*s>",
+							  name,
+							  (int)val.length,
+							  val.data);
 		}
 
 		talloc_free(val.data);
author	Andrew Bartlett <abartlet@samba.org>	2019-08-27 13:16:18 +1200
committer	Karolin Seeger <kseeger@samba.org>	2019-09-04 08:31:25 +0000
commit	e019f3a6aac62460ee9768fec4001e00f00f8096 (patch)
tree	b1c46742dd3fdaa1577b46a1c637170d0009796b /lib
parent	9b0c30517834da57a436ac6a0bad1fa2c6173849 (diff)
download	samba-e019f3a6aac62460ee9768fec4001e00f00f8096.tar.gz